Skill v1.0.0

VirusTotal security

PayTrigo (OpenClawBot, Base/USDC) · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review: May 1, 2026, 3:19 AM
Hash: 38e54b193777d6929689b15088840a71189429a0d002554324f4d91102493a68
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: paytrigo-openclawbot
Version: 1.0.0

The skill is classified as suspicious primarily due to the presence of hardcoded API keys in multiple scripts (`scripts/moltbot-bot-flow.mjs`, `scripts/moltbot-human-flow.mjs`, `scripts/paytrigo.mjs`). While the `SKILL.md` documentation states these are 'platform API keys' for 'no-setup usage' with `api.paytrigo.net`, hardcoding live secrets is a significant security risk. There is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints, arbitrary code execution, or prompt injection attempts against the agent to deviate from its stated purpose. The `scripts/moltbot-wallet-setup.mjs` handles sensitive wallet data responsibly by encrypting wallets and applying secure file permissions (0o600).